Total
4065 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28494 | 1 Arista | 2 7130, Metamako Operating System | 2024-11-21 | 6.5 MEDIUM | 9.6 CRITICAL |
|
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior releases
|
|||||
| CVE-2021-28493 | 1 Arista | 2 7130, Metamako Operating System | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH |
|
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.32.0 and prior releases
|
|||||
| CVE-2021-28174 | 1 Mitake | 1 Smart Stock Selection | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
Mitake smart stock selection system contains a broken authentication vulnerability. By manipulating the parameters in the URL, remote attackers can gain the privileged permissions to access transaction record, and fraudulent trading without login.
|
|||||
| CVE-2021-28152 | 1 Hongdian | 2 H8922, H8922 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn.
|
|||||
| CVE-2021-27990 | 1 Appspace | 1 Appspace | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities.
|
|||||
| CVE-2021-27794 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.
|
|||||
| CVE-2021-27734 | 1 Belden | 2 Hirschmann Hios, Hisecos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users.
|
|||||
| CVE-2021-27715 | 1 Mofinetwork | 2 Mofi4500-4gxelte-v2, Mofi4500-4gxelte-v2 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request.
|
|||||
| CVE-2021-27651 | 1 Pega | 1 Infinity | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.
|
|||||
| CVE-2021-27610 | 1 Sap | 2 Netweaver Abap, Netweaver Application Server Abap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system.
|
|||||
| CVE-2021-27522 | 1 Learnsite Project | 1 Learnsite | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function. By modifying the initial letter of the key of a user cookie, the key of the administrator cookie can be obtained.
|
|||||
| CVE-2021-27451 | 1 Mesalabs | 1 Amegaview | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible algorithm, which may allow an attacker to gain access to the device.
|
|||||
| CVE-2021-26905 | 1 1password | 1 Scim Bridge | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key.
|
|||||
| CVE-2021-26638 | 1 Xisnd | 1 S\&d Smarthome | 2024-11-21 | 10.0 HIGH | 7.3 HIGH |
|
Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause authentication bypass and information exposure. Remote attackers can use this vulerability to take control of the home environment including indoor control.
|
|||||
| CVE-2021-26637 | 1 Shinasys | 6 Sihas Acm-300, Sihas Acm-300 Firmware, Sihas Gcm-300 and 3 more | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
|
There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device.
|
|||||
| CVE-2021-26627 | 1 Qcp | 2 Qcp200w, Qcp200w Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Real-time image information exposure is caused by insufficient authentication for activated RTSP port. This vulnerability could allow to remote attackers to send the RTSP requests using ffplay command and lead to leakage a live image.
|
|||||
| CVE-2021-26620 | 1 Iptime | 18 Nas-i, Nas-i Firmware, Nas-ii and 15 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s passwords.
|
|||||
| CVE-2021-26598 | 1 Impresscms | 1 Impresscms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).
|
|||||
| CVE-2021-26253 | 1 Splunk | 1 Splunk | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service.
|
|||||
| CVE-2021-26117 | 4 Apache, Debian, Netapp and 1 more | 8 Activemq, Activemq Artemis, Debian Linux and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.
|
|||||
| CVE-2021-26088 | 1 Fortinet | 1 Fortinet Single Sign-on | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending specifically crafted UDP login notification packets.
|
|||||
| CVE-2021-26070 | 1 Atlassian | 3 Data Center, Jira, Jira Server | 2024-11-21 | 6.4 MEDIUM | 7.2 HIGH |
|
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `makeRequest` gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1.
|
|||||
| CVE-2021-25910 | 1 Zivautomation | 2 4cct-ea6-334126bf, 4cct-ea6-334126bf Firmware | 2024-11-21 | 3.3 LOW | 8.0 HIGH |
|
Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user.
|
|||||
| CVE-2021-25863 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
|
Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.
|
|||||
| CVE-2021-25506 | 1 Samsung | 1 Health | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service.
|
|||||
| CVE-2021-25505 | 1 Samsung | 1 Samsung Pass | 2024-11-21 | 6.8 MEDIUM | 3.3 LOW |
|
Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked.
|
|||||
| CVE-2021-25490 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 6.0 MEDIUM |
|
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process.
|
|||||
| CVE-2021-25484 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.
|
|||||
| CVE-2021-25466 | 1 Samsung | 1 Internet | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
|
Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token.
|
|||||
| CVE-2021-25451 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.
|
|||||
| CVE-2021-25445 | 1 Samsung | 1 Internet | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet.
|
|||||
| CVE-2021-25442 | 1 Samsung | 1 Knox Cloud Services | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication.
|
|||||
| CVE-2021-25430 | 1 Google | 1 Android | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
|
Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.
|
|||||
| CVE-2021-25424 | 1 Samsung | 18 Galaxy Watch, Galaxy Watch 3, Galaxy Watch 3 Firmware and 15 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness.
|
|||||
| CVE-2021-25389 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 2.3 LOW |
|
Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication.
|
|||||
| CVE-2021-25377 | 2 Google, Samsung | 2 Android, Experience Service | 2024-11-21 | 4.6 MEDIUM | 3.3 LOW |
|
Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action.
|
|||||
| CVE-2021-25368 | 1 Samsung | 1 Cloud | 2024-11-21 | 5.0 MEDIUM | 3.3 LOW |
|
Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed.
|
|||||
| CVE-2021-25347 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
|
Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed.
|
|||||
| CVE-2021-25343 | 2 Google, Samsung | 2 Android, Members | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider.
|
|||||
| CVE-2021-25342 | 2 Google, Samsung | 2 Android, Members | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider.
|
|||||